New and Changed Features in Contrail Service Orchestration Release 5.0.1
This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 5.0.1.
Support for adding an EX Series switch behind NFX250— From CSO Release 5.0.1 onward, you can add WAN and LAN capabilities to an on-premise spoke site by either:
Configuring the site with the NFX250 device as the CPE and an EX Series switch connected to the NFX250 device.
Adding an EX Series switch to a site that has the NFX250 device configured as the CPE.
Support for a unified firewall policy— From CSO 5.0.1 onward, next-generation firewall or CPE devices running Junos OS Release 18.2R1 or later support dynamic applications as match criteria within the unified firewall policy definition. This support makes the application firewall configuration obsolete. Therefore, you do not need a separate application firewall configuration on the devices. However, in devices running Junos OS releases earlier than Release 18.2R1, you need to continue configuring application firewall for blocking or permiting dynamic-applications traffic.
You can configure the following default settings for the unified firewall policy in the customer portal:
A reason for denying access to a resource or blocking a traffic
A URL for redirecting traffic
The default settings are applied only if the next-generation firewall or CPE devices are running Junos OS Release 18.2 R1 or later.
Provider hub support for operating companies— From CSO Release 5.0.1 onward, an operating company (OpCo) administrator can onboard a provider hub device with data capability. A secure connection is established between the provider hub with data capability and the provider hub with OAM capability. The Juniper Networks team that hosts the cloud-based CSO owns and manages the provider hub with OAM capability.
Automatic assignment of OAM loopback IP address—From CSO Release 5.0.1 onward, if you do not specify an OAM loopback IP address for a CPE device or a provider hub device that is managed by CSO, then CSO automatically assigns an OAM loopback IP address from the carrier-grade NAT reserved pool subnet range 100.124.0.0/14 to the CPE device.
Image management support for EX Series switches—From CSO Release 5.0.1 onward, you can view, upload, stage, and deploy Junos OS images for EX2300, EX3400, and EX4300 switches.
Support for remotely accessing a device CLI—From CSO Release 5.0.1 onward, you can remotely access the CLI of a CPE device and an EX Series switch (EX2300, EX3400, and EX4300) to run show operational commands. Following are the supported CPE devices:
NFX150 and NFX250
SRX Series (SRX300, SRX320, SRX340, SRX345, SRX550 High Memory (SRX550M), SRX1500, SRX4100, SRX4200, and vSRX on an x86 server)